add http proxy config to allow ACME challenges

histausse 2022-08-03 22:29:59 +02:00
parent 4ea5f2c6be
commit 888b4c0adb
Signed by: histausse
GPG key ID: 67486F107F62E9E9
2 changed files with 26 additions and 3 deletions


@ -63,10 +63,8 @@
dest: /etc/nginx/nginx.conf dest: /etc/nginx/nginx.conf
notify: Reload nginx notify: Reload nginx
# TODO: << Manage SSL stream reverse proxy >>
# Manage each http site # Manage each http site
- name: Copy Http Servers - name: Copy HTTP Servers
template: template:
src: http_server.j2 src: http_server.j2
dest: "/etc/nginx/sites-available/{{ item.key }}" dest: "/etc/nginx/sites-available/{{ item.key }}"
@ -97,3 +95,11 @@
force: yes force: yes
loop: "{{ http_sites | dict2items}}" loop: "{{ http_sites | dict2items}}"
notify: Reload nginx notify: Reload nginx
# Add HTTP proxy to allow ACME challenges between LE and the SSL endpoints of proxy streams
- name: Copy HTTP Servers allowing ACME challenges with proxy stream
template:
src: http_proxy_acme.j2
dest: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
loop: "{{ ssl_reverse_proxy_upstream | dict2items}}"
notify: Reload nginx
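Review bot: The new task writes `acme_http_proxy_{{ item.key }}` into `/etc/nginx/sites-available/`, but nothing visible in this hunk enables those files. The hunk appears to append the task at the end of the file, after the loop over `http_sites`. Unless nginx.conf picks these files up some other way, the port-80 ACME server blocks will never be loaded and the challenges will fail, so confirm there is an enable step that loops over `ssl_reverse_proxy_upstream`. The task also leaves ownership and permissions of the rendered file to the defaults; consider adding `owner: root`, `group: root`, `mode: "0644"` under `template:`.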


@ -0,0 +1,17 @@
i{{ ansible_managed | comment }}
server {
listen 80;
listen [::]:80;
server_name {{ item.value.sni_server_name }};
location /.well-known/acme-challenge {
proxy_pass http://{{ item.value.to }}:80;
proxy_set_header Host $host;
}
# Redirect to https
location / {
return 302 https://$host$request_uri;
}
}
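Review bot: The first line of the template has a stray `i` in front of `{{ ansible_managed | comment }}`, so the rendered file would start with `i#` instead of a comment and nginx would most likely reject the configuration; the line should read `{{ ansible_managed | comment }}`. The `location /.well-known/acme-challenge` prefix also matches any path that merely begins with that string, so `location ^~ /.well-known/acme-challenge/ {` would keep the plain-HTTP proxying to the upstream confined to challenge tokens. The redirect target is built from `$host`, which comes from the request; that is acceptable only while this server block is never the default for port 80, which is worth confirming.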